In the wake of the hearings about Facebook’s new Libra blockchain, it is more important than ever that we all understand the difference between trustworthy and trustless apps. A trustworthy app is an app whose developers are known and trusted by the community. The developers’ reputations and businesses are on the line, which motivates them to make sure their applications have few bugs and no malicious code. A trustless app is an app whose code is open-source so that the community can see for themselves that the code has few bugs and no malicious code.
We recently integrated Snyk into boot.dev as a way to get more visibility into known vulnerabilities in boot.dev’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago. We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, their support for the open-source community by offering free integrations is worth the few minutes it takes to install.